This android only.

From the article:

Meta managed to do this even when:

• You aren’t using the app (but have a session open in the background).

• You haven’t logged into your account in the browser.

• You’re browsing in incognito mode.

• You’re using a VPN.

• You delete cookies at the end of every session.

The captured data includes:

• Complete browsing history with specific URLs

• Products added to cart and purchases made

• Registrations on websites and completed forms

• Temporal behavioral patterns across websites and apps

• Direct linking to real identities on social networks

You’re not affected if (and only if)

• You access Facebook and Instagram via the web, without having the apps installed on your phone

• You browse on desktop computers or use iOS (iPhones)

• You always used the Brave browser or the DuckDuckGo search engine on mobile

They should have said, but I guessing they didn’t because it’s easy and indicates it at the checkpoint. You tell the agent you are declining the biometric identification. Do it as soon as you hand the agent your ID, don’t step in front of the machine, then follow instruction (probably step alongside so they have a clear view of your face).